	netfilter: conntrack: limit sysctl setting for boolean options
We use zero and one as bounds for the boolean option settings. After this patch only 0 or 1 can be set for the boolean options of the nf conntrack sysctl. Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
		
							parent
							
								
									a4cb98f32c
								
							
						
					
					
						commit
						8f14c99c7e
					
				| @ -24,9 +24,9 @@ struct nf_generic_net { | ||||
| 
 | ||||
| struct nf_tcp_net { | ||||
| 	unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX]; | ||||
| 	unsigned int tcp_loose; | ||||
| 	unsigned int tcp_be_liberal; | ||||
| 	unsigned int tcp_max_retrans; | ||||
| 	int tcp_loose; | ||||
| 	int tcp_be_liberal; | ||||
| 	int tcp_max_retrans; | ||||
| }; | ||||
| 
 | ||||
| enum udp_conntrack { | ||||
|  | ||||
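Review bot: `tcp_max_retrans` is switched from `unsigned int` to `int` in this hunk although it is a retransmission count rather than one of the boolean options the commit is about, so the signed field now needs an explicit lower bound. Its sysctl entry `nf_conntrack_tcp_max_retrans` begins at the very end of the `@ -744` hunk and its handler is outside that hunk, so it is unclear whether it gains one; if it still uses plain `proc_dointvec`, a negative value could be stored and every comparison against a connection's retransmission counter would be off. Either keep the field `unsigned int`, or give that entry `.proc_handler = proc_dointvec_minmax, .extra1 = &zero` so only non-negative counts are accepted. The users of `struct nf_tcp_net` are outside this hunk.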
| @ -511,6 +511,8 @@ static void nf_conntrack_standalone_fini_proc(struct net *net) | ||||
| /* Log invalid packets of a given protocol */ | ||||
| static int log_invalid_proto_min __read_mostly; | ||||
| static int log_invalid_proto_max __read_mostly = 255; | ||||
| static int zero; | ||||
| static int one = 1; | ||||
| 
 | ||||
| /* size the user *wants to set */ | ||||
| static unsigned int nf_conntrack_htable_size_user __read_mostly; | ||||
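Review bot: The new `zero` and `one` statics are added directly under the comment that describes the unrelated `log_invalid_proto_*` limits, so a reader takes them for part of that group. A short comment of their own would make their purpose clear, e.g. `/* bounds for the boolean sysctl knobs handled by proc_dointvec_minmax */` placed above `static int zero;`.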
| @ -624,9 +626,11 @@ static struct ctl_table nf_ct_sysctl_table[] = { | ||||
| 	[NF_SYSCTL_CT_CHECKSUM] = { | ||||
| 		.procname	= "nf_conntrack_checksum", | ||||
| 		.data		= &init_net.ct.sysctl_checksum, | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| 	[NF_SYSCTL_CT_LOG_INVALID] = { | ||||
| 		.procname	= "nf_conntrack_log_invalid", | ||||
| @ -647,33 +651,41 @@ static struct ctl_table nf_ct_sysctl_table[] = { | ||||
| 	[NF_SYSCTL_CT_ACCT] = { | ||||
| 		.procname	= "nf_conntrack_acct", | ||||
| 		.data		= &init_net.ct.sysctl_acct, | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| 	[NF_SYSCTL_CT_HELPER] = { | ||||
| 		.procname	= "nf_conntrack_helper", | ||||
| 		.data		= &init_net.ct.sysctl_auto_assign_helper, | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||||
| 	[NF_SYSCTL_CT_EVENTS] = { | ||||
| 		.procname	= "nf_conntrack_events", | ||||
| 		.data		= &init_net.ct.sysctl_events, | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| #endif | ||||
| #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP | ||||
| 	[NF_SYSCTL_CT_TIMESTAMP] = { | ||||
| 		.procname	= "nf_conntrack_timestamp", | ||||
| 		.data		= &init_net.ct.sysctl_tstamp, | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| #endif | ||||
| 	[NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC] = { | ||||
| @ -744,15 +756,19 @@ static struct ctl_table nf_ct_sysctl_table[] = { | ||||
| 	}, | ||||
| 	[NF_SYSCTL_CT_PROTO_TCP_LOOSE] = { | ||||
| 		.procname	= "nf_conntrack_tcp_loose", | ||||
| 		.maxlen		= sizeof(unsigned int), | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| 	[NF_SYSCTL_CT_PROTO_TCP_LIBERAL] = { | ||||
| 		.procname       = "nf_conntrack_tcp_be_liberal", | ||||
| 		.maxlen         = sizeof(unsigned int), | ||||
| 		.maxlen         = sizeof(int), | ||||
| 		.mode           = 0644, | ||||
| 		.proc_handler   = proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| 	[NF_SYSCTL_CT_PROTO_TCP_MAX_RETRANS] = { | ||||
| 		.procname	= "nf_conntrack_tcp_max_retrans", | ||||
| @ -887,7 +903,9 @@ static struct ctl_table nf_ct_sysctl_table[] = { | ||||
| 		.procname	= "nf_conntrack_dccp_loose", | ||||
| 		.maxlen		= sizeof(int), | ||||
| 		.mode		= 0644, | ||||
| 		.proc_handler	= proc_dointvec, | ||||
| 		.proc_handler	= proc_dointvec_minmax, | ||||
| 		.extra1 	= &zero, | ||||
| 		.extra2 	= &one, | ||||
| 	}, | ||||
| #endif | ||||
| #ifdef CONFIG_NF_CT_PROTO_GRE | ||||
|  | ||||
	 Tonghao Zhang
						Tonghao Zhang